AI News: Italy Sets the Rules for AI in the Workplace

Law No. 132 (the Italian Artificial Intelligence Act) took effect on 10 October 2025.¹ Under the Italian AI Act, at least one implementing decree that defines an “organic framework” for data, algorithms and artificial intelligence (AI)-training methods is due by October 2026. Italy is the first EU country to pass a comprehensive national AI framework, and the law marks a turning point for employers operating in Italy. Now that the legislation is fully applicable, employers are moving from regulatory preparation to concrete compliance and governance decisions regarding the use of AI in the workplace.

Under the EU AI Act (Regulation (EU) 2024/1689),² AI systems intended for employment decisions are automatically classified as “high-risk” under Article 6 and Annex III. This classification triggers comprehensive obligations, including risk management, data quality controls, technical documentation, record-keeping, transparency to users, and meaningful human oversight. 

Consistent with the EU AI Act, the Italian AI Act places the protection of fundamental rights at the center of technological innovation. Transparency, data protection, gender equality, cybersecurity, and accessibility are no longer aspirational principles, but binding requirements shaping how AI may be deployed in the Italian workplace.

What This Means for Employers

When read together with the Transparency Decree (Legislative Decree No. 104/2022),³ the Italian AI Act significantly expands employers’ compliance obligations when AI systems are used in human resources and workforce-management processes, including recruitment, performance evaluation, task allocation, and termination decisions.

Under the law, employers are required to:

• Provide employees in advance with clear and comprehensive information about the functioning of AI tools and the data used;
• Promptly update such information and provide notice of any material system changes at least 24 hours in advance;
• Share the relevant disclosures with trade union representatives;
• Ensure effective human oversight over automated decision-making; and
• Guarantee that AI systems respect employees’ fundamental rights and operate free from discrimination of any kind.

From Disclosure to Explanation

The law also goes a step further and requires information to be communicated in plain, accessible language to ensure employees understand how automated decisions work, the associated risks of the AI tools, and what effects the tools may produce. Employees must also be given the opportunity to ask for clarification and human review of AI-driven decisions.

In short, compliance is no longer only about informing, it is about explaining.

Sanctions and Enforcement

Failure to comply with the Italian AI Act carries tangible financial exposure. Administrative fines of up to €1,500 per employee may be imposed, with additional monthly increases and further penalties in cases involving failures to inform trade unions.

New Oversight at Institutional Level

The Italian AI Act also establishes a dedicated Oversight Committee on the adoption of AI systems in the workplace within the Ministry of Labour and Social Policies. The Oversight Committee will monitor the employment impact of AI, develop regulatory strategies, and identify sectors most affected by digital transformation, foreshadowing increased institutional scrutiny in the years ahead.

Impact on Regulated Professions

Professionals are not exempted. The new law expressly prohibits the full delegation of professional services to AI systems and requires transparent and comprehensible disclosure of any AI use in professional activities.

Data Protection

Where AI systems involve the processing of personal data, the General Data Protection Regulation (GDPR)⁴ fully applies. 

Accordingly, employers must identify a valid legal basis for processing, ensure compliance with data minimization and purpose limitation principles, conduct a Data Protection Impact Assessment where applicable, particularly where AI systems are used for systematic evaluation or decision-making affecting employees, and, in cases of decisions based solely on automated processing producing legal or similarly significant effects, guarantee the right to obtain human intervention, express a point of view, and contest the decision.

The Italian AI Act reinforces these GDPR obligations. Article 4 of the new regulation reaffirms that any personal data processed through AI systems must be handled lawfully, fairly, and transparently, in line with the original purposes for which the data was collected and in full compliance with European Union law.

What Companies Should Do Now

Companies operating in Italy should act promptly to:

• Assess the AI systems currently in use;
• Update disclosure notices and internal documentation;
• Implement robust internal policies and governance frameworks aligned with the new standards of transparency and algorithmic accountability;
• Comply with GDPR;
• Monitor implementing decrees; and
• Consult with counsel to ensure compliance.

With the Italian AI Act now in force, the current phase represents a critical window for employers to align AI deployment with binding legal requirements ahead of further regulatory guidance and increased institutional scrutiny.